Cyber Incident Victim: TriZetto

TriZetto is a health technology company owned by Cognizant that provides insurance verification tools for healthcare providers. The company supports operations for about 200 million people through more than 875,000 providers across the United States. On October 2, 2025, TriZetto discovered a breach of its systems. Subsequent investigation indicated that attackers may have gained initial access as early as November 2024, allowing them to remain inside the network for nearly a year. The breach exposed personal and medical information of more than 3.4 million individuals. The compromised data may include names, dates of birth, home addresses, Social Security numbers, insurance information, healthcare provider names, and demographic data linked to medical records. TriZetto noted that not all of its customers were affected, but several healthcare organizations have confirmed that patient information was compromised, including OCHIN, a nonprofit technology group serving roughly 300 rural and community care providers, and some healthcare providers in California.

After identifying the breach on October 2, 2025, TriZetto, with assistance from its parent company Cognizant, removed the threat from its systems. A Cognizant spokesperson, William Abelson, confirmed the removal but did not provide an explanation for why the intrusion remained undetected for such an extended period. The incident adds to a series of significant cyberattacks on health technology firms, exemplified by the 2024 ransomware attack on Change Healthcare that resulted in the theft of over 192 million patient records and caused widespread disruptions to prescriptions, billing, and medical services. The breach exposed personal and medical information including names, dates of birth, home addresses, Social Security numbers, insurance information, healthcare provider names, and demographic data linked to medical records.